* pkclist.c (select_algo_from_prefs): Slightly improve the handling of

MD5 in preference lists. Instead of replacing MD5 with SHA-1, just remove MD5 from the list altogether, and let the next-highest ranked algorithm be chosen.
2025-02-01 16:33:02 +01:00 · 2010-10-29 19:14:28 +00:00 · 2010-10-29 19:14:28 +00:00 · 79019ee776
commit 79019ee776
parent d89e59bdb3
2 changed files with 26 additions and 13 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -5,6 +5,11 @@
 	can't pick something not present in all preference lists, but we
 	might pick something that isn't scored first choice).

+	* pkclist.c (select_algo_from_prefs): Slightly improve the
+	handling of MD5 in preference lists.  Instead of replacing MD5
+	with SHA-1, just remove MD5 from the list altogether, and let the
+	next-highest ranked algorithm be chosen.
+
 2010-10-27  Werner Koch  <wk@g10code.com>

 	* keygen.c (ask_expire_interval): Print 2038 warning only for 32
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@ -1266,7 +1266,6 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,
  u32 bits[8];
  const prefitem_t *prefs;
  int result=-1,i;
-  unsigned int best=-1;    
  u16 scores[256];

  if( !pk_list )
@ -1403,10 +1402,31 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,

  if(result==-1)
    {
+      unsigned int best=-1;    
+
      /* At this point, we have not selected an algorithm due to a
 	 special request or via personal prefs.  Pick the highest
 	 ranked algorithm (i.e. the one with the lowest score). */

+      if(preftype==PREFTYPE_HASH && scores[DIGEST_ALGO_MD5])
+	{
+	  /* "If you are building an authentication system, the recipient
+	     may specify a preferred signing algorithm. However, the
+	     signer would be foolish to use a weak algorithm simply
+	     because the recipient requests it." (RFC4880:14).  If any
+	     other hash algorithm is available, pretend that MD5 isn't.
+	     Note that if the user intentionally chose MD5 by putting it
+	     in their personal prefs, then we do what the user said (as we
+	     never reach this code). */
+
+	  for(i=DIGEST_ALGO_MD5+1;i<256;i++)
+	    if(scores[i])
+	      {
+		scores[DIGEST_ALGO_MD5]=0;
+		break;
+	      }
+	}
+
      for(i=0;i<256;i++)
 	{
 	  /* Note the '<' here.  This means in case of a tie, we will
@ -1424,18 +1444,6 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,
 	      result=i;
 	    }
 	}
-
-      /* "If you are building an authentication system, the recipient
-	 may specify a preferred signing algorithm. However, the
-	 signer would be foolish to use a weak algorithm simply
-	 because the recipient requests it." (RFC4880:14).  If we
-	 settle on MD5, and SHA1 is also available, use SHA1 instead.
-	 Note that if the user intentionally chose MD5 by putting it
-	 in their personal prefs, then we do what the user said (as we
-	 never reach this code). */
-      if(preftype==PREFTYPE_HASH && result==DIGEST_ALGO_MD5
-	 && (bits[0] & (1<<DIGEST_ALGO_SHA1)))
-	result=DIGEST_ALGO_SHA1;
    }

  return result;